Welcome to WebmasterWorld Guest from 34.238.194.166

Forum Moderators: phranque

DNS change will kill sites dead

DNS Flag Day, 01-February-2019

     
5:24 pm on Jan 17, 2019 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 25, 2003
posts:1336
votes: 429


As I haven't seen this mentioned... and, while I'd normally post it in the Website Technology' forum, it is more likely to be seen here; mods move if you'd prefer.

A web DNS criticality - wherein non compliant domains may become unavailable - will occur 01-February-2019 aka 12 days from now.

That date has been named DNS Flag Day.

Starting February 1st, 2019 there will be no attempt to disable EDNS as reaction to a DNS query timeout.
This effectivelly means that all DNS servers which do not respond at all to EDNS queries are going to be treated as dead.


* DNS Flag Day [dnsflagday.net]

* DNS Flag Day [isc.org]

Fortunately, there is a quick simple test available via the first link above.

Note: WebmasterWorld returns 'All OK' :)
5:33 pm on Jan 17, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:4396
votes: 314


Thanks for that heads up. A quick check says mine are fine. Nice to have that off my list of things to worry about today. ;)
7:08 pm on Jan 17, 2019 (gmt 0)

Preferred Member from US 

10+ Year Member

joined:Mar 10, 2004
posts:471
votes: 51


All of mine I have though DNS Made Easy are good, those using DNS from my registrar are not. I've notified them, thanks for the info. This one seems to be slipping under the radar with some registrars.
7:13 pm on Jan 17, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 19, 2002
posts:3491
votes: 80


Thanks for the heads up, all ok here - glad i checked!
9:55 pm on Jan 17, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:10136
votes: 1009


A forced clean up is occasionally required, as there are too many out there that just don't keep up with best practices, or worry about sloppy configs. To me, this is a good thing. :)
12:16 pm on Jan 18, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 15, 2001
posts:1815
votes: 59


Hmm, I have one that reports as "slow I will have problems with this!" Not yet so sure what I can do.

Bit late to be hearing about it with just a few days to go.
12:57 pm on Jan 18, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26241
votes: 998


Thanks for the heads up on this.

I found one site that reports it will work, but has problems.

Not sure exactly what it means, but i've notified the web host.
3:01 pm on Jan 18, 2019 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator dixonjones is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 8, 2002
posts:2943
votes: 25


Tucows (enom) seems to not be valid! many have to move the dns server to my web host.
4:01 pm on Jan 18, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 7, 2003
posts:804
votes: 121


Newtek Web Hosting have told me that this is a hoax and that nothing is going to happen.

Edit: They have now got back to me and told me that they are aware of the issue.
4:56 pm on Jan 18, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ken_b is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 5, 2001
posts:5885
votes: 117


Thanks for the heads up.
6:07 pm on Jan 18, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15755
votes: 828


Now, if only I knew whether “Minor Issues” means “There may be something that might possibly need a bit of slight tweaking in 2023 or so” ... or “Your sites will still be reachable on 2 February, but we can’t make any promises concerning the 3rd, 4th or 5th”.
6:55 pm on Jan 18, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:May 29, 2003
posts:890
votes: 55


I tried link 1 above, in the first post -

"This domain is perfectly ready."

Many thanks for the heads up. Crossed off my list. But my list remains long. Ha!
.
10:47 pm on Jan 18, 2019 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2952
votes: 34


All of my domains passed, except for one where the DNS is provided through an Office 365 account. This domain returns "minor issues". I checked further and the microsoft.com domain is also flagged with minor issues. It seems that Microsoft's DNS implementation is not up to date with the latest security standards.

Added:
Astonishing is that the w3c.org domain generates a serious problem with expected delays for clients. I thought these were the people in the front-line of new standards?
5:08 pm on Jan 19, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 27, 2002
posts:1187
votes: 0


Minor issues only. It never ceases to amaze me that infrastructure companies are behind.
11:58 pm on Jan 19, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2006
posts:1312
votes: 30


Thanks for the heads up. I used the first link and my sites are all OK.
8:09 pm on Jan 21, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 2002
posts: 772
votes: 14


Thanks for the heads up. All my current customers are fine. All the customers I fired recently are not (left my hosting). Oh well!

Doing the happy-happy-joy-joy dance now <G>
5:55 pm on Jan 23, 2019 (gmt 0)

Full Member

Top Contributors Of The Month

joined:June 28, 2018
posts: 315
votes: 147


regarding the "Minor issues" report it seems there are some minor issues with this response!

Amazon Route53 DNS service hosted domains will report the minor issue error and they are well aware of it but point out that Route53 is fully EDNS0 compliant , which is the only officially confirmed version by the IETF , whilst the dnsflagday site tests for EDNS1 which is not actually officially a version yet so reports this minor error. AWS are a bit peeved by it as they are getting lots of support tickets about it when it is infact not an issue but they plan to implement a fix but will do so carefully as obviously it is very important service and changes made must be tested thoroughly.
5:56 pm on Jan 23, 2019 (gmt 0)

Full Member

Top Contributors Of The Month

joined:June 28, 2018
posts: 315
votes: 147


Anyone else been trying out random domains to see if they can find competitors or just big names that failing the test?
12:07 am on Jan 25, 2019 (gmt 0)

New User from US 

joined:Jan 25, 2019
posts: 2
votes: 1


This was posted recently to the BIND Users mailing list:

DNS flag day is when vendors of recursive name servers will stop releasing
new software that coddles ancient or broken authoritative servers and
firewalls. Instead of trying over and over in different ways to coax some
broken remote system to send back an answer, new resolver software will
just declare the remote server to be broken, and give up.

Nothing will stop working suddenly on February 1. However, the next time
you upgrade your recursive name server to the latest version, you *might*
have problems then. My guess is that you won't, but I can't guarantee it.

If you do have some legacy server running internally that can't be fixed to
support EDNS properly, you can still configure your resolvers not to use
EDNS when talking to that specific server. That option will still be
available after flag day.

An easy way to check would be to install the latest BIND development
release (version 9.13.5) and see if it works. It already has all the flag
day changes in it.

--
Evan Hunt -- [e-mail address redacted]
Internet Systems Consortium, Inc.
10:21 am on Jan 27, 2019 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2258
votes: 151


Thanks

This domain is perfectly ready, you do not need to worry about DNS flag day 2019.
8:02 pm on Jan 27, 2019 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 2002
posts: 772
votes: 14


It has been reported that the DNS Flag Day testing page is experiencing random times of giving less than optimal results.
...We have observed some false positives due to timeouts that are caused, not by non-compliance but by authoritative server rate limiting....
See Testing EDNS Compatibility with dig [kb.isc.org ]
8:27 pm on Jan 27, 2019 (gmt 0)

New User from US 

joined:Jan 25, 2019
posts: 2
votes: 1


A change was made to the way that the test was done that should cut down on that issue.

(I work for ISC)
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members